Access
Constructors
Properties
The lifetime of the OIDC Access Token after creation. Valid units are m,h. Must be greater than or equal to 1m and less than or equal to 24h.
If client secret should be required on the token endpoint when authorizationcodewith_pkce grant is used.
The URL where this applications tile redirects users
The application client secret, only returned on POST request.
The service provider's endpoint that is responsible for receiving and parsing a SAML assertion.
The URL that the user will be redirected to after a successful login for IDP initiated logins.
The OIDC flows supported by this application
A regex to filter Cloudflare groups returned in ID token and userinfo endpoint
The unique identifier for your SaaS application.
The format of the name identifier sent to the SaaS application. Available values: "id", "email".
A JSONata expression that transforms an application's user identities into a NameID value for its SAML assertion. This expression should evaluate to a singular string. The output of this expression can override the name_id_format setting.
The permitted URL's for Cloudflare to return Authorization codes and Access/ID tokens
A JSONata expression that transforms an application's user identities into attribute assertions in the SAML response. The expression can transform id, email, name, and groups values. It can also transform fields listed in the samlattributes or oidcfields of the identity provider used to authenticate. The output of this expression must be a JSON object.
A globally unique name for an identity or service provider.
The endpoint where your SaaS application will send login requests.